DATA USE AGREEMENT
for the
American College of Surgeons
National Surgical Quality Improvement Program

 

This Data Use Agreement (“Agreement”) implements the data protections of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the American College of Surgeons National Surgical Quality Improvement Program’s (“ACS NSQIP”) Hospital Participation Agreement (“HPA”).  Any individual (“Data Recipient”) seeking to obtain or use the data in the ACS NSQIP Participant Use Data File (“PUF”) must be representing a ACS NSQIP Participating Hospital (“Hospital”), must agree to the terms in this Agreement, and must  submit this Agreement to the ACS NSQIP before the PUF may be released. 

                                                        

Consistent with the ACS NSQIP HPA and in accordance with HIPAA, any Protected Health Information (“PHI”), as defined by 45 CFR 164.501, submitted to the ACS NSQIP by the Hospital for inclusion in the ACS NSQIP may be used, disclosed, or combined with other such data from additional ACS NSQIP participating hospitals to create a de-identified data set as defined by 45 CFR 164.514(b), containing aggregate, patient-level data, as it is with the PUF.  The ACS NSQIP also retains the right to release the PUF at its discretion to ACS NSQIP participating hospitals for the purpose of engaging in research activities, quality improvement analysis, and aggregate statistical reporting. 

 

No Identification of Person(s) – Any effort to determine the identity of any individual, (including but not limited to patient, surgeon, and other health care provider or hospital), or to use the information for any purpose other than for research, quality improvement, and aggregate statistical reporting, would violate the HPA, the conditions of this Agreement, and the HIPAA.  Data Recipients of the PUF are prohibited under HIPAA and the HPA, and this Agreement from releasing, disclosing, publishing or presenting any individually identifying information.  The ACS NSQIP omits from the PUF all identifiers required to be excluded from de-identified data sets as defined by the HIPAA Privacy Rule.  It may be possible, in limited situations, through deliberate technical analysis, and with outside information, to ascertain from the de-identified data set the identity of particular persons.  Considerable harm could result if this were to occur.  Therefore, any attempts to identify individuals are prohibited and information that could identify individuals directly or by inference must not be released or published.  In addition, the users of the PUF must not attempt to contact any individuals for any purpose, including verifying information supplied in the PUF.  Any questions about the PUF must be referred exclusively to the ACS NSQIP.


No Identificaton of Hospital(s) – Section 924 (c) of the Public Health Service Act (42 U.S.C. 299c-3(c)) also restricts the use of information that permits the identification of establishments (hospitals) for purposes other than for which the information was originally supplied.  Commercial or competitive purposes involving participating hospitals is not an allowable use of this data, and the hospitals must not be identified directly or indirectly in distributed materials.  Any questions about the data should be forwarded to the ACS NSQIP.  Users of the PUF should not attempt to contact any individual or hospital in the data set for any purpose including data verification.

 

Access to Chapter 4 of the “ACS NSQIP Operations Manual”: Chapter 4 (for both Essential and Procedure Targeted data) contains proprietary ACS NSQIP programmatic information. Your use of Chapter 4 is restricted to clarifying definitions for your PUF-based research purposes. The contents of Chapter 4 shall not be shared, quoted, distributed, or disseminated in any published papers, reports, manuscripts, etc.  Limited paraphrasing of Chapter 4 definitions, to provide methodological clarity in research publications, is permissible.  Any use or redistribution of Chapter 4 for commercial purposes is strictly prohibited. 

 

Permission to use and disclose the data – Permission to use and disclose the PUF is granted from the ACS NSQIP to each Data Recipient.  The Data Recipient must be an employee of the participating Hospital.  Intentional misrepresentation of employment at the Hospital by the Data Recipient will void this Agreement, prohibit use of the PUF by the Data Recipient, and result in legal action taken by the ACS NSQIP.  The ACS NSQIP also reserves the right to deny access to the PUF at its discretion.

 

By signing this Agreement, the Data Recipient warrants that it:

·         Will not use or disclose the PUF other than as permitted by this Agreement for research activities, quality improvement analysis, and aggregate statistical reporting or as otherwise required by law;

·         Will not use or further disclose the PUF in a manner that would violate the HIPAA regulations;

·         Will use reasonable and appropriate safeguards to prevent use or disclosure of the PUF other than as provided for by this Agreement, including administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the electronic PUF that it receives, maintains, or transmits on behalf of the Hospital as required by 45 CFR 164.314;

·         Will report to the ACS NSQIP any use or disclosure of the PUF not provided for by this Agreement and any security incident involving the PUF of which it becomes aware promptly and within ten (10) days of its discovery;

·         Will not grant access to or share the PUF either in its entirety or as a subset to any party who is not an employee of the participating Hospital at which the Data Recipient is employed;

·         Will not sublease or permit other parties to use the PUF without advance written approval of the ACS NSQIP;

·         Will ensure that any agents including contractors and subcontracts and researchers to whom the PUF is provided contractually agree in writing to the same restrictions and conditions that apply to the Data Recipient with respect to such information;

·         Will make available to the ACS NSQIP its internal records related to the use and distribution of the PUF as requested;

·         Will comply with any applicable Hospital IRB requirements;

·         Will not use the PUF to identify or contact the individuals who are the subject of the information;

·         Will not hold the ACS or the ACS NSQIP responsible for any claims arising from works based on the original data, text, tables, or figures;

 

·         Will acknowledge in all reports that the source of the data is the participating hospital(s) that submitted data to the ACS NSQIP and  will include the following disclosure on any presentation or published material:

The American College of Surgeons National Surgical Quality Improvement Program and the hospitals participating in the ACS NSQIP are the source of the data used herein; they have not verified and are not responsible for the statistical validity of the data analysis or the conclusions derived by the authors.

·         Will provide at a minimum an abstract and reference for any published materials resulting from the PUF to the ACS NSQIP.

 

Additional Terms:

·         The Data Recipient agrees to indemnify the ACS and its employees and agents from liability, claims, or expenses arising from use of the PUF by Data Recipients negligence in Data use of the PUF by the Data Recipient;

·         This Agreement will remain in effect as of the date of execution and terminate when all copies of the PUF are destroyed and the PUF is no longer in use;

·         Any noncompliance by the Data Recipient with the terms of this Agreement or failure on the part of the Data Recipient to correct any breach or violation of this Agreement to the satisfaction of the ACS NSQIP will be grounds for immediate termination of the Agreement by the ACS NSQIP and the American College of Surgeons will report the Data Recipient’s breach to the Secretary of the United States Department of Health and Human Services.   

 

As the undersigned, my signature confirms my employment at the participating Hospital and my intention to comply with the above stated requirements. Violators of this Agreement may also be subject to penalties under statutes that may apply to these data.